Merge "Clear calling identity before calling into DPM" am: ae04a1a842

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2445864 Change-Id: I72aa8fe3af7c7dc4a17a538d10203e57c46b3488 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-02 06:38:17 +00:00
parent 67e7045d07 ae04a1a842
commit 0f4f9dc068
1 changed files with 13 additions and 7 deletions
--- a/framework-t/src/android/net/NetworkStatsAccess.java
+++ b/framework-t/src/android/net/NetworkStatsAccess.java
@@ -111,17 +111,18 @@ public final class NetworkStatsAccess {
        final DevicePolicyManager mDpm = context.getSystemService(DevicePolicyManager.class);
        final TelephonyManager tm = (TelephonyManager)
                context.getSystemService(Context.TELEPHONY_SERVICE);
-        boolean hasCarrierPrivileges;
-        final long token = Binder.clearCallingIdentity();
+        final boolean hasCarrierPrivileges;
+        final boolean isDeviceOwner;
+        long token = Binder.clearCallingIdentity();
        try {
            hasCarrierPrivileges = tm != null
                    && tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage)
                            == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
+            isDeviceOwner = mDpm != null && mDpm.isDeviceOwnerApp(callingPackage);
        } finally {
            Binder.restoreCallingIdentity(token);
        }

-        final boolean isDeviceOwner = mDpm != null && mDpm.isDeviceOwnerApp(callingPackage);
        final int appId = UserHandle.getAppId(callingUid);

        final boolean isNetworkStack = context.checkPermission(
@@ -135,15 +136,20 @@ public final class NetworkStatsAccess {
            return NetworkStatsAccess.Level.DEVICE;
        }

-        boolean hasAppOpsPermission = hasAppOpsPermission(context, callingUid, callingPackage);
+        final boolean hasAppOpsPermission =
+                hasAppOpsPermission(context, callingUid, callingPackage);
        if (hasAppOpsPermission || context.checkCallingOrSelfPermission(
                READ_NETWORK_USAGE_HISTORY) == PackageManager.PERMISSION_GRANTED) {
            return NetworkStatsAccess.Level.DEVICESUMMARY;
        }

-        //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode.
-        boolean isProfileOwner = mDpm != null && (mDpm.isProfileOwnerApp(callingPackage)
-                || mDpm.isDeviceOwnerApp(callingPackage));
+        final boolean isProfileOwner;
+        token = Binder.clearCallingIdentity();
+        try {
+            isProfileOwner = mDpm != null && mDpm.isProfileOwnerApp(callingPackage);
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
        if (isProfileOwner) {
            // Apps with the AppOps permission, profile owners, and apps with the privileged
            // permission can access data usage for all apps in this user/profile.